The well-known DeFi protocol Cream Finance has fallen victim to another crypto hack, this time losing more than $29m. The latest attack on this lending and borrowing platform is already the second of its kind this year. In the first attack, in February 2021, the company lost a whopping $37.5m.
Combined with the recent attack, both heists amount to more than $66.5m in various cryptocurrencies. And it seems that both times the hackers were using a bug in the system to achieve ‘success’.
To exploit the Cream protocol, the hacker identified a bug that resulted from the introduction of the AMP token into the protocol. Having done so, the hacker began re-borrowing assets while the transfer was still in progress.
More specifically, the hacker repeated this action 17 times, taking two hefty sums of $21.5m (418.311.571 AMP) and $4.15m (1.308.09 ETH) respectively.
According to a statement by PeckShield, the entire hack was conducted in a single transaction. The blockchain data analytics company believes that the hack is largely due to the bug in the code of the platform’s AMP token.
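The pattern described above, borrowing again while a transfer is still in progress, is modelled below next to a corrected ordering. This is an added Python example, not Cream Finance's contract code; the pool, the `on_receive` callback and all amounts are constructed assumptions, and only the 17 repetitions come from the article.

```python
class ReentrancyError(Exception):
    """Raised when borrow() is entered again before the first call finishes."""

class LendingPool:
    # Toy model. Assumption: the token transfer hands control to the recipient.
    def __init__(self, cash, hardened):
        self.cash, self.hardened = cash, hardened
        self.collateral, self.debt = {}, {}
        self._locked = False

    def _transfer(self, amount, on_receive):
        self.cash -= amount
        on_receive(self)  # recipient code runs while borrow() is still in progress

    def borrow(self, user, amount, on_receive):
        if self.hardened and self._locked:
            raise ReentrancyError("borrow re-entered")
        if self.debt.get(user, 0) + amount > self.collateral.get(user, 0):
            raise ValueError("insufficient collateral")
        self._locked = True
        try:
            if self.hardened:
                # Record the debt before any external call is made.
                self.debt[user] = self.debt.get(user, 0) + amount
                self._transfer(amount, on_receive)
            else:
                # Flawed ordering: debt is recorded only after the transfer returns.
                self._transfer(amount, on_receive)
                self.debt[user] = self.debt.get(user, 0) + amount
        finally:
            self._locked = False

def simulate(hardened, rounds=17):
    """Return how much the pool pays out against 100 units of collateral."""
    pool = LendingPool(cash=10_000, hardened=hardened)
    pool.collateral["user"] = 100  # constructed sample value
    calls = {"n": 1}
    def on_receive(p):
        if calls["n"] < rounds:
            calls["n"] += 1
            try:
                p.borrow("user", 100, on_receive)
            except (ReentrancyError, ValueError):
                pass  # the nested borrow was rejected
    pool.borrow("user", 100, on_receive)
    return 10_000 - pool.cash

if __name__ == "__main__":
    print("flawed ordering:", simulate(False), "| hardened:", simulate(True))
```

With the flawed ordering the collateral check keeps passing because no debt has been recorded yet; recording the debt first and refusing nested calls limits the payout to a single loan.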
This latest attack is very similar to the one in February. Back then the hackers also exploited a bug in the system to withdraw $37.5m. To pull that off, they took advantage of a whitelisting function and an inconsistency in the code.
They achieved this by using Alpha Finance, also a DeFi protocol, and its unreleased contract version. Afterwards the hackers simply transferred the funds to Tornado.cash, an Ethereum-based decentralized transaction solution.
Both attacks on the Cream protocol should serve as a lesson for anyone involved in the crypto business, especially blockchain and DeFi operators. Cases like Cream Finance losing $29m in the recent attack remind all DeFi protocols how easy it is to let their guard down, especially considering the recent and frequent cyber attacks on many blockchain operators.